Jeep

[Charlie Miller] and [Chris Valasek] have just released all their research including (but not limited to) how they hacked a Jeep Cherokee after the newest firmware updates, which were rolled out in response to their hacking of a Cherokee in 2015.

FCA, the corporation that owns Jeep, had to recall 1.5 million Cherokees to deal with the 2015 hack, issuing them all a patch. However, the patch wasn’t all that great: it actually gave [Charlie] and [Chris] even more control of the car than they had in the first place once exploited. The papers they have released are a goldmine for anyone interested in hacking or even just messing around with cars via the CAN bus. They go on to chronicle multiple hacks, from changing the speedometer to remotely controlling a car through CAN message injection. And this release isn’t limited to Jeep. The research covers a massive number of topics on a number of different cars and models, so if you want to play around with your car, this is the car hacking bible you have been waiting for.

Jeep are not too happy about the whole situation. The dump includes a lot of background for vehicles by multiple manufacturers. But the 2015 hack was prominent and has step-by-step instructions. Their statement on the matter is below.

Under no circumstances does FCA condone or believe it’s appropriate to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to gain unauthorized and unlawful access to vehicle systems.

Those of us who prefer to drive older cars often have to make sacrifices in the entertainment system department to realize the benefits of not having a car payment. The latest cars have all the bells and whistles, while the cars of us tightwads predate the iPod revolution and many lack even an auxiliary input jack. Tightwads who are also hackers often remedy this with conversion projects, like this very slick Bluetooth conversion on a Jeep radio.

There are plenty of ways to go about piping your favorite tunes from a phone to an old car stereo, but few are as nicely integrated as [Parker Dillmann]’s project. An aftermarket radio of newer vintage than the OEM stereo in his 1999 Jeep would be one way to go, but there’s no sport in that, and besides, fancy stereos are easy pickings from soft-top vehicles. [Parker] was so determined to hack the original stereo that he bought a duplicate unit off eBay so he could reverse engineer it on the bench. What’s really impressive is the way [Parker] integrates the Bluetooth without any change to OEM functionality, which required a custom PCB to host an audio level shifter and input switch. He documents his efforts very thoroughly in the video after the break, but fair warning of a Rickroll near the end.

So many of these hacks hijack the tape deck or CD input, but thanks to his sleuthing and building skills, [Parker] has added functionality without sacrificing anything.

With the summer’s big security conferences over, now is a good time to take a look back on automotive security. With talks about attacks on Chrysler, GM and Tesla, and a whole new Car Hacking village at DEF CON, it’s becoming clear that autosec is a theme that isn’t going away.

Up until this year, the main theme of autosec has been the in-vehicle network. This is the connection between the controllers that run your engine, pulse your anti-lock brakes, fire your airbags, and play your tunes. In most vehicles, they communicate over a protocol called Controller Area Network (CAN).

A number of talks were given on in-vehicle network security, which revealed a common theme: access to the internal network gives control of the vehicle. We even had a series about it here on Hackaday.

The response from the automotive industry was a collective “yeah, we already knew that.” These networks were never designed to be secure, but focused on providing reliable, real-time data transfer between controllers. With data transfer as the main design goal, it was inevitable there would be a few interesting exploits.

It was an overcast day with temperatures in the mid seventies – a perfect day to take your brand new Jeep Cherokee for a nice relaxing drive. You and your partner buckle in and find yourselves merging onto the freeway just a few minutes later. You take in the new car smell as your partner fiddles with the central touch screen display.

“See if it has XM radio,” you ask as you play with the headlight controls.

Seconds later, a Taylor Swift song begins to play. You both sing along as the windows come down. “Life doesn’t get much better than this,” you think. Unfortunately, the fun would be short lived. It started with the windshield wipers coming on – the dry rubber-on-glass making a horrible screeching sound.

“Hey, what are you doing!”

“I didn’t do it….”

You verify the windshield wiper switch is in the OFF position. You switch it on and off a few times, but it has no effect. All of a sudden, the radio shuts off. An image of a skull and wrenches logo appears on the touchscreen. Rick Astley’s “Never Gonna Give You Up” begins blaring out of the speakers, and the four doors lock in perfect synchronization. The AC fans come on at max settings while at the same time, you feel the seats getting warmer as they too are set to max. The engine shuts off and the vehicle shifts into neutral. You hit the gas pedal, but nothing happens. Your brand new Jeep rolls to a halt on the side of the freeway, completely out of your control.

Sound like something out of a Hollywood movie? Think again.

[Charlie Miller], a security engineer for Twitter and [Chris Valasek], director for vehicle safety research at IOActive, were able to hack into a 2014 Jeep Cherokee via its wireless on-board entertainment system from their basement. A feature called UConnect, which allows the vehicle to connect to the internet via a cellular connection, has one of those things you might have heard of before – an IP address. Once the two hackers had this address, they had the ‘digital keys’ to the Jeep. From there, [Charlie] and [Chris] began to tinker with the various firmwares until they were able to gain access to the vehicle’s CAN bus. This gives them the ability to control many of the car’s functions, including (under the right conditions) the ability to kill the brakes and turn the steering wheel. You probably already have heard about the huge recall Chrysler issued in response to this vulnerability.

But up until this weekend we didn’t know exactly how it was done. [Charlie] and [Chris] documented their exploit in a 90-page white paper (PDF) and spoke at length during their DEF CON talk in Las Vegas. That video was just published last night and is embedded below. Take a look and you’ll realize how much work they did to make all this happen. Pretty amazing.

[Feueru] wanted to update the sound system in his 1998 Jeep Wrangler. The problem is that soft top Jeeps are notorious for radio theft. His solution was to build his own stealth Bluetooth stereo. The music comes from his Nexus 5 via Bluetooth. A Fusion MS-BT 100 waterproof Bluetooth receiver picks up the tunes. From there the signal is passed through the one external control, a line level volume knob. A “BMWx-43 300 Watt” amplifier provides the power to drive the Jeep’s speakers. We’re a bit dubious about the 300 Watt rating, as well as the “Only from the mind of a German” catch phrase. Hey, at least the real BMW didn’t have the amplifiers destroyed at the US port due to trademark issues.

[Feueru] used a standard DIN radio install kit for his Jeep. In place of a headunit, he glued an ABS plastic sheet. The ABS provided a good place to mount his volume control. That volume knob was a bit lonely, so [Feueru] added “Plan B”, his winch controls. The final result looks… well, it looks like a single knob, which is exactly what [Feueru] was going for. Any would-be car radio thief would pass this right by. The only thing missing is an actual FM receiver. Sure, there is a bit of loss when using a Bluetooth audio path. However, this is a soft top Jeep with stock speakers, so it’s really not noticeable to [Feueru].

[Eddie Zarick] is at it again, modding his Jeep Wrangler into something that makes us all properly jealous. This time, he managed to acquire and mount the FLIR camera from an old Cadillac. It truly is an FLIR thermal imaging camera, and not just a near-infrared hack. Cadillac used this technology with a HUD, but [Eddie] decided to connect it to his in-dash screen. He also didn’t settle for simply facing it forward, but mounted it to a Golight searchlight base. He mounted the joysticks under the screen, giving him directional control.

[Eddie] spent about $500 on the project, which seems like a lot, but not when you consider the cost of a new FLIR camera. We would love to know where he found such a great deal! Maybe he hit up a local salvage yard? If you know of a good source for parts like this, let us know in the comments!

This display is easily recognizable by the buttons and the outline of a vehicle to the left. It’s a Vehicle Information Center (VIC) from a Jeep Grand Cherokee. [Florlayamp] discovered a row of the vehicles in a junkyard, all with the displays still intact. He grabbed one and turned the VIC into a desk clock. What would you pay for such a fine piece of used electronic hardware? How about six bucks? Yeah!

Getting it running couldn’t be simpler. It’s all set up to be programmed and run on its own. A bit of searching around turned up a schematic to figure out which wires are for power. It took some time to figure it out, but the thing draws about 2A so finding a worthy wall wart was a must.

Now that he was sure it would work [Florlayamp] started on the case build. It’s poplar with quarter round to frame the display. On the back you’ll find a single rocker switch.